reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-02-28
Updated
2017-07-11
reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-28
Updated
2017-07-11
Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-28
Updated
2017-10-19
Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables.
Max CVSS
4.3
EPSS Score
0.21%
Published
2005-02-28
Updated
2016-10-18
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
Max CVSS
5.0
EPSS Score
0.13%
Published
2005-02-28
Updated
2008-09-05
Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent.
Max CVSS
7.5
EPSS Score
2.27%
Published
2005-02-28
Updated
2008-09-05
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
Max CVSS
5.0
EPSS Score
0.45%
Published
2005-02-28
Updated
2016-10-18
Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.
Max CVSS
5.0
EPSS Score
0.74%
Published
2005-02-24
Updated
2018-10-30
The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets.
Max CVSS
5.0
EPSS Score
1.71%
Published
2005-02-24
Updated
2018-10-30
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-25
Updated
2008-09-05
nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-02-25
Updated
2008-09-05
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
Max CVSS
4.6
EPSS Score
0.29%
Published
2005-02-24
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
Max CVSS
4.3
EPSS Score
0.52%
Published
2005-02-24
Updated
2017-07-11
Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.
Max CVSS
7.5
EPSS Score
0.23%
Published
2005-02-21
Updated
2016-10-18
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
Max CVSS
7.5
EPSS Score
0.72%
Published
2005-02-22
Updated
2011-03-08
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-23
Updated
2008-09-05
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.
Max CVSS
10.0
EPSS Score
1.24%
Published
2005-02-23
Updated
2017-07-11
ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.
Max CVSS
10.0
EPSS Score
1.24%
Published
2005-02-18
Updated
2017-07-11
eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-23
Updated
2008-09-05
PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-23
Updated
2008-09-05
The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails.
Max CVSS
7.5
EPSS Score
6.10%
Published
2005-02-23
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.
Max CVSS
4.3
EPSS Score
0.30%
Published
2005-02-22
Updated
2008-09-05
PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086.
Max CVSS
7.5
EPSS Score
2.73%
Published
2005-02-19
Updated
2016-10-18
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
Max CVSS
7.5
EPSS Score
0.51%
Published
2005-02-21
Updated
2008-09-05

CVE-2005-0511

Public exploit
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
Max CVSS
7.5
EPSS Score
89.06%
Published
2005-02-21
Updated
2016-10-18
104 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!